Scientists Across the Globe Are Hunting for Pure Randomness

You take the interstate to get home and rely on the water utility for a drink. But have you ever felt the need for some publicly available randomness? Governments and researchers around the world think you might, with projects in the works to produce public sources, or "beacons," of randomness. From quantum-physics experiments to distributed projects that anyone with a laptop could help produce, a wide range of efforts aim to bring randomness to your fingertips. Publicly available randomness helps ensure online security, free elections and fair immigration practices — and may even help address deep questions about the nature of the universe. But producing these randomness beacons ­­— secure, truly random numbers that the public can trust — ­poses huge challenges, sending researchers into the quantum realm and beyond in search of fundamentally unpredictable phenomena. Here's why scientists see randomness as a public utility — and how they're trying to make a mess for your sake. What counts as random? We've all experienced it, but may not know exactly what it is: Randomness is the level of disorder and unpredictability in a system.True, pure randomness is fundamentally unpredictable, said physicist Krister Shalm, who leads quantum experiments for the U.S. National Institute of Standards and Technology (NIST). For instance, if you watched a source of truly random numbers forever, over time, your odds of getting any given number would be the same. (Randomness differs slightly from the related term entropy, which is a numerical measure of disorder.) [The 11 Most Beautiful Mathematical Equations] Why would anyone want to increase disorder in the world? It turns out, public sources of randomness can aid in a number of tasks, from safeguarding complex cryptography to shuffling card decks in online games, said Ewa Syta, a computer scientist at Trinity College in Connecticut. "Public randomness is used in … any kind of system that requires some way to make a decision … to do anything where you want some fair way to agree upon things," Syta told Live Science. "Basically, what public randomness gives you is a way to implement a fair coin toss." The public part of these projects guarantees that multiple parties can verify and trust that toss, said Michael Fischer, a Yale University computer scientist who consulted on a new government beacon of randomness. Not only are the beacons' outputs freely available, but the underlying methods and the output's archives are also public. "You want choices that are free of influence from people with particular agendas," Fischer said. Surprisingly elusive randomness Creating these public spigots of entropy, or randomness beacons, however, is extremely challenging. These beacons use a variety of sources for their disorder, from physical processes like photon emissions or seismic rumblings, to long strings of tweets fed through cryptographic transformations. Whatever the source, though, beacon producers have similar goals: The output should be unpredictable, autonomous and consistent (meaning different users can expect to get the same random string from the beacon), according to NIST. The latter two traits greatly affect trust and usability. The first one addresses the heart of randomness, according to NIST. "That question, how do you know if something's truly random, that's a really deep and difficult problem," Shalm told Live Science. The key is unpredictability, he said. While many things in nature appear chaotic, they almost always have underlying structures or order that someone could, in theory, use to make predictions. That makes finding truly random — fundamentally unpredictable — numbers devilishly hard. For example, Shalm said, think of a football game's coin toss, that icon of randomness. "If you knew exactly how much pressure the referee was applying to the coin and, as it flips in the air, how much turbulence interacts with it, you can predict exactly how that thing's going to land," he said. Similar criticism applies to (almost) any random-number generator based on a physical process, Shalm said. And software-based generators can also be predicted because they follow algorithms, said Rene Peralta, a computer scientist who is running a randomness beacon project for NIST. [The 9 Most Massive Numbers in Existence] Public beacons launch Despite these difficulties, scientists are forging ahead to create public sources of randomness. This July, NIST released the production instance of its randomness beacon, a version it plans to maintain indefinitely. This service broadcasts random strings of 512 bits, or units of computer data, every minute, with the output time-stamped and signed. The new "Version 2.0" makes it easier to combine the beacon's output with other sources, adding a needed security boost for users, Peralta said. Now, users can merge NIST's output of random bits with, for example, a beacon launched by the Chilean government, also in July, and a Brazilian version planned for 2019. That way, even if someone tampered with one source to influence (and thus predict) its output, the merged beam would remain unpredictable, Peralta said. For most people, using NIST's beacon alone will work just fine, Peralta said. But even the slightest possibility of attack may be a problem for high-value applications, like hosting a big-money lottery or choosing election machines for monitoring, he said. A hacker who influenced NIST's output could predict the lottery results or which voting machines would be tested if NIST alone provided the randomness. "The NIST Beacon is more secure than most information systems," because it does not import data and is in a secure location, Peralta said. But an insider or an attacker backed by government funding and resources could get through all of that, Peralta added. Security protocols, such as encryption of messages, also make frequent use of randomness, and these also need assurances against tampering. Public randomness could be used, for example, for authentication when accessing encrypted messages, in which you prove your identity using both a public and private key, Syta said. Syta and other researchers are developing alternative systems that would also address tampering concerns: These beacons draw entropy from multiple, "distributed" sources that are in separate locations and controlled by different organizations or individuals. The distributed models remain in testing stages, but they would also address a related issue for security-minded folks: distrust of the government, Syta said. Where's the randomness? The researchers at NIST began their search for entropy sources in the quantum realm. Quantum mechanics, at its heart, is a random theory, Shalm said. For example, you can't predict exactly when a particular radioactive atom will decay — only a probability, wrote Scott Aaronson, the director of the Quantum Information Center at The University of Texas at Austin. [Twisted Physics: 7 Mind-Blowing Findings] "Quantum mechanics … says that things happen randomly," Shalm said. "You can't predict what's going to happen exactly — you can only predict probabilities." So, the current NIST beacon relies, in part, on a quantum-based random number generator; this device measures the arrival time of photons produced by an attenuated laser, which emits photons at random times, Shalm said. (Think of this laser like a narrowed water spigot, but for light, he said.) The NIST beacon combines that output with the production of commercial random number generators, which rely on electronic-circuit noise instead of quantum properties, upping the combined entropy with mathematical transformations. Chile's beacon, meanwhile, draws on seismic data in the earthquake-prone country, plus Twitter feeds. Long strings of concatenated tweets are "pretty unpredictable, because you don't know ahead what people are going to say," Peralta said. A cryptographic hash shrinks these long strings, removing the structure characteristic of language and producing something "pretty much uniformly random," he said. The distributed models can draw randomness both from individuals running entropy-producing programs on their laptops and from private companies, like Cloudflare, which extracts randomness from lava lamps. The company snaps high-resolution photos of a wall of lamps' shifting, disordered patterns. Turning quantum bugs into features As these beacons approach pure randomness, their creators envision multiple further uses. "Anything that requires decision-making, and fairly, is a good application for public randomness," Syta said. That could mean picking Powerball winners or choosing a jury — even shuffling a deck of cards in an online game. [Photos: Large Numbers That Define the Universe] More consequentially, because NIST's beacon keeps an archive (in a secure, block-chain-like structure), it could help governments prove their immigration practices are fair, Peralta said. For example, the U.S. Diversity Immigrant Visa program, aka green card lottery, awards visas to people from countries with historically low U.S. immigration, selecting potential recipients randomly from those regions. However, someone might accuse the purportedly random program of biases, for example, against Muslims, Peralta said. "But if you pick [lottery winners] using an external source of randomness like ours, then you can't make that argument," he said. The government could just reference the archive. Recent attempts to hack U.S. voting machines show the importance of another application: random testing, Peralta said. Logistically, election overseers can't examine every voting machine for tampering, so they have to do spot checks. But if hackers can predict which machines will get examined, those agents can simply tamper with other machines. Enter, the randomness beacon, which can pick unpredictable subsets for testing. Whatever the application, the coolest part of these beacons is that they turn deep scientific debates into public goods, Shalm said. Albert Einstein famously feuded with Niels Bohr and others over quantum mechanics' implication that nature is random, with Einstein saying, "God does not play dice." "We're taking what Einstein would call a bug and turning it into a feature," Shalm said. "The universe is random, and that's OK. There are interesting things that come out of that." Originally published on Live Science.